PART 5 -- IMPLEMENTATION AND REVIEW
Sec. 5.1. Program Direction. (a) The Director of the Information Security Oversight Office, under the direction of the Archivist and in consultation with the National Security Advisor, shall issue such directives as are necessary to implement this order. These directives shall be binding on the agencies. Directives issued by the Director of the Information Security Oversight Office shall establish standards for:
(1) classification, declassification, and marking principles;
(2) safeguarding classified information, which shall pertain to the handling, storage, distribution, transmittal, and destruction of and accounting for classified information;
(3) agency security education and training programs;
(4) agency self-inspection programs; and
(5) classification and declassification guides.
(b) The Archivist shall delegate the implementation and monitoring functions of this program to the Director of the Information Security Oversight Office.
(c) The Director of National Intelligence, after consultation with the heads of affected agencies and the Director of the Information Security Oversight Office, may issue directives to implement this order with respect to the protection of intelligence sources, methods, and activities. Such directives shall be consistent with this order and directives issued under paragraph (a) of this section.
Sec. 5.2. Information Security Oversight Office. (a) There is established within the National Archives an Information Security Oversight Office. The Archivist shall appoint the Director of the Information Security Oversight Office, subject to the approval of the President.
(b) Under the direction of the Archivist, acting in consultation with the National Security Advisor, the Director of the Information Security Oversight Office shall:
(1) develop directives for the implementation of this order;
(2) oversee agency actions to ensure compliance with this order and its implementing directives;
(3) review and approve agency implementing regulations prior to their issuance to ensure their consistency with this order and directives issued under section 5.1(a) of this order;
(4) have the authority to conduct on-site reviews of each agency's program established under this order, and to require of each agency those reports and information and other cooperation that may be necessary to fulfill its responsibilities. If granting access to specific categories of classified information would pose an exceptional national security risk, the affected agency head or the senior agency official shall submit a written justification recommending the denial of access to the President through the National Security Advisor within 60 days of the request for access. Access shall be denied pending the response;
(5) review requests for original classification authority from agencies or officials not granted original classification authority and, if deemed appropriate, recommend Presidential approval through the National Security Advisor;
(6) consider and take action on complaints and suggestions from persons within or outside the Government with respect to the administration of the program established under this order;
(7) have the authority to prescribe, after consultation with affected agencies, standardization of forms or procedures that will promote the implementation of the program established under this order;
(8) report at least annually to the President on the implementation of this order; and
(9) convene and chair interagency meetings to discuss matters pertaining to the program established by this order.
Sec. 5.3. Interagency Security Classification Appeals Panel.
(a) Establishment and administration.
(1) There is established an Interagency Security Classification Appeals Panel. The Departments of State, Defense, and Justice, the National Archives, the Office of the Director of National Intelligence, and the National Security Advisor shall each be represented by a senior-level representative who is a full-time or permanent part-time Federal officer or employee designated to serve as a member of the Panel by the respective agency head. The President shall designate a Chair from among the members of the Panel.
(2) Additionally, the Director of the Central Intelligence Agency may appoint a temporary representative who meets the criteria in paragraph (a)(1) of this section to participate as a voting member in all Panel deliberations and associated support activities concerning classified information originated by the Central Intelligence Agency.
(3) A vacancy on the Panel shall be filled as quickly as possible as provided in paragraph (a)(1) of this section.
(4) The Director of the Information Security Oversight Office shall serve as the Executive Secretary of the Panel. The staff of the Information Security Oversight Office shall provide program and administrative support for the Panel.
(5) The members and staff of the Panel shall be required to meet eligibility for access standards in order to fulfill the Panel's functions.
(6) The Panel shall meet at the call of the Chair. The Chair shall schedule meetings as may be necessary for the Panel to fulfill its functions in a timely manner.
(7) The Information Security Oversight Office shall include in its reports to the President a summary of the Panel's activities.
(b) Functions. The Panel shall:
(1) decide on appeals by persons who have filed classification challenges under section 1.8 of this order;
(2) approve, deny, or amend agency exemptions from automatic declassification as provided in section 3.3 of this order;
(3) decide on appeals by persons or entities who have filed requests for mandatory declassification review under section 3.5 of this order; and
(4) appropriately inform senior agency officials and the public of final Panel decisions on appeals under sections 1.8 and 3.5 of this order.
(c) Rules and procedures. The Panel shall issue bylaws, which shall be published in the Federal Register. The bylaws shall establish the rules and procedures that the Panel will follow in accepting, considering, and issuing decisions on appeals. The rules and procedures of the Panel shall provide that the Panel will consider appeals only on actions in which:
(1) the appellant has exhausted his or her administrative remedies within the responsible agency;
(2) there is no current action pending on the issue within the Federal courts; and
(3) the information has not been the subject of review by the Federal courts or the Panel within the past 2 years.
(d) Agency heads shall cooperate fully with the Panel so that it can fulfill its functions in a timely and fully informed manner. The Panel shall report to the President through the National Security Advisor any instance in which it believes that an agency head is not cooperating fully with the Panel.
(e) The Panel is established for the sole purpose of advising and assisting the President in the discharge of his constitutional and discretionary authority to protect the national security of the United States. Panel decisions are committed to the discretion of the Panel, unless changed by the President.
(f) An agency head may appeal a decision of the Panel to the President through the National Security Advisor. The information shall remain classified pending a decision on the appeal.
Sec. 5.4. General Responsibilities. Heads of agencies that originate or handle classified information shall:
(a) demonstrate personal commitment and commit senior management to the successful implementation of the program established under this order;
(b) commit necessary resources to the effective implementation of the program established under this order;
(c) ensure that agency records systems are designed and maintained to optimize the appropriate sharing and safeguarding of classified information, and to facilitate its declassification under the terms of this order when it no longer meets the standards for continued classification; and
(d) designate a senior agency official to direct and administer the program, whose responsibilities shall include:
(1) overseeing the agency's program established under this order, provided an agency head may designate a separate official to oversee special access programs authorized under this order. This official shall provide a full accounting of the agency's special access programs at least annually;
(2) promulgating implementing regulations, which shall be published in the Federal Register to the extent that they affect members of the public;
(3) establishing and maintaining security education and training programs;
(4) establishing and maintaining an ongoing self inspection program, which shall include the regular reviews of representative samples of the agency's original and derivative classification actions, and shall authorize appropriate agency officials to correct misclassification actions not covered by sections 1.7(c) and 1.7(d) of this order; and reporting annually to the Director of the Information Security Oversight Office on the agency's self-inspection program;
(5) establishing procedures consistent with directives issued pursuant to this order to prevent unnecessary access to classified information, including procedures that:
(A) require that a need for access to classified information be established before initiating administrative clearance procedures; and
(B) ensure that the number of persons granted access to classified information meets the mission needs of the agency while also satisfying operational and security requirements and needs;
(6) developing special contingency plans for the safeguarding of classified information used in or near hostile or potentially hostile areas;
(7) ensuring that the performance contract or other system used to rate civilian or military personnel performance includes the designation and management of classified information as a critical element or item to be evaluated in the rating of:
(A) original classification authorities;
(B) security managers or security specialists; and
(C) all other personnel whose duties significantly involve the creation or handling of classified information, including personnel who regularly apply derivative classification markings;
(8) accounting for the costs associated with the implementation of this order, which shall be reported to the Director of the Information Security Oversight Office for publication;
(9) assigning in a prompt manner agency personnel to respond to any request, appeal, challenge, complaint, or suggestion arising out of this order that pertains to classified information that originated in a component of the agency that no longer exists and for which there is no clear successor in function; and
(10) establishing a secure capability to receive information, allegations, or complaints regarding over-classification or incorrect classification within the agency and to provide guidance to personnel on proper classification as needed.
Sec. 5.5. Sanctions. (a) If the Director of the Information Security Oversight Office finds that a violation of this order or its implementing directives has occurred, the Director shall make a report to the head of the agency or to the senior agency official so that corrective steps, if appropriate, may be taken.
(b) Officers and employees of the United States Government, and its contractors, licensees, certificate holders, and grantees shall be subject to appropriate sanctions if they knowingly, willfully, or negligently:
(1) disclose to unauthorized persons information properly classified under this order or predecessor orders;
(2) classify or continue the classification of information in violation of this order or any implementing directive;
(3) create or continue a special access program contrary to the requirements of this order; or
(4) contravene any other provision of this order or its implementing directives.
(c) Sanctions may include reprimand, suspension without pay, removal, termination of classification authority, loss or denial of access to classified information, or other sanctions in accordance with applicable law and agency regulation.
(d) The agency head, senior agency official, or other supervisory official shall, at a minimum, promptly remove the classification authority of any individual who demonstrates reckless disregard or a pattern of error in applying the classification standards of this order.
(e) The agency head or senior agency official shall:
(1) take appropriate and prompt corrective action when a violation or infraction under paragraph (b) of this section occurs; and
(2) notify the Director of the Information Security Oversight Office when a violation under paragraph (b)(1), (2), or (3) of this section occurs.